Title of invention: Operating system sandbox
Abstract: An operating system sandbox may include an operating system isolation module configured to restrict an operating system from transmitting machine-readable data and/or machine-readable instructions to an application, based on at least one predefined rule corresponding to abnormal operating system behavior.
Publication number: US9262628(B2) Publication date: 2016.02.16
Application number: US200912557845 Filing date: 2009.09.11
Applicant: Empire Technology Development LLC Inventors: Wolfe Andrew; Conte Thomas M.
Classification: G06F21/53; G06F11/30; G06F9/455 Main classification: G06F21/53
Agency: Moritt Hock & Hamroff LLP Agent: Moritt Hock & Hamroff LLP; Rubin, Esq. Steven S.
Main claim: 1. An operating system sandbox effective to isolate an operating system from an application, the operating system sandbox comprising: a computing system that includes an isolation module different from the operating system and different from the application, wherein the isolation module is operable separate from the application, and is configured to control the operating system sandbox to selectively restrict an operating system from transmitting machine-readable data and instructions to the application, and to selectively allow the operating system to transmit machine-readable data and instructions to the application; and at least one rule database operably connected to the isolation module, each rule database configured to store at least one predefined rule corresponding to abnormal operating system behavior associated with communications from the operating system to the application, wherein the abnormal operating system behavior includes at least one of data flux, input thread usage, output thread usage, signatures, patterns, assertions, anomalies, rates and temporal shifts associated with communications from the operating system to the application; wherein the isolation module is further configured to: allow the operating system to transmit application data to the operating system sandbox, wherein the application data includes machine-readable data and instructions, and the application data is associated with the application; receive the application data transmitted by the operating system; store the application data transmitted by the operating system in memory allocated to the operating system sandbox; analyze the application data stored in the memory allocated to the operating system sandbox; based on the analysis, identify abnormal operating system behavior associated with the transmission of the application data from the operating system to the operating system sandbox pursuant to the at least one predefined rule; and in response to the identification of the abnormal operating system behavior associated with the transmission of the application data from the operating system to the operating system sandbox, determine whether to transmit the application data received from the operating system from the memory allocated to the operating system sandbox to the application based, at least in part, on the identification of abnormal operating system behavior associated with the transmission of the application data from the operating system to the operating system sandbox pursuant to the at least one predefined rule.
Address: Wilmington DE US